
Simulation on TZ-400

Hi everybody,

I use several TZ-400s on a big infrastructure in a very secure environment.

I have to make some changes on the firewalls, but I can't have a test environment.

My question is: is it possible to have a flow simulation in a TZ-400?

For example: is it possible to simulate a flow entering by X2 to a specific IP with a specific port?

Like this I can try this flow without waiting.


Thank you

Eric

Category: Mid Range Firewalls

Best Answer

  • DisaRicks Newbie ✭ (Accepted Answer)

    @shiprasahu93

    I solved part of my problem...

    So many hours of searching, finally:

    Thanks a lot for your help...

    Without you, I'd be searching again and again...

    Thanks!

Answers

  • Ajishlal Cybersecurity Overlord ✭✭✭

    Hi @DisaRicks

    SonicWall is supposed to provide an ENG/GNS3 image for education / training purposes.

    @Saravanan @shiprasahu93

    It would be appreciated if you could provide an E-NG or GNS3 image of the firewall for testing / development environment purposes.

  • BWC Cybersecurity Overlord ✭✭✭

    Hi @DisaRicks, do you mean something like Investigate -> Tools -> Packet Replay?

    https://www.sonicwall.com/support/knowledge-base/how-to-use-packet-replay/170915122451889/

    --Michael@BWC

  • Saravanan Moderator

    Hi @DisaRicks,

    What @BWC suggested would be the best way to replay the kind of flow that you are trying to test.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • DisaRicks Newbie ✭

    Hi, thank you very much for your answers.

    I tried to use the Packet Replay, but I'm not sure about the result.

    When a real test is made, I received this in the packet monitor:

    As you can see, the packet is dropped from 159.50.228.23 to 172.20.85.31 on port 443.

    I created a PCAP file from this packet monitor.

    Now I use Packet Replay with the PCAP file just created.

    I put in IP1: 159.50.228.23 on interface X2

    I put in IP2: 172.20.85.31 on interface X2 (that's my problem, I think. Normally, the flow must go through the VPN on the X1 interface, but X1 is not in the drop-down box)

    and I receive:

    Here the packet is received...

    I'm lost.

    My real problem is the following:

    I must receive a packet from an IP in the range 159.50.228.0-255.255.255.192 on the X2 interface.

    This packet must go to the IP 172.20.85.31 on another network across the VPN on the X1 interface, with port 443.

    It doesn't work.

    I do exactly the same for another flow from the same interface, with an IP in 10.22.0.0/24 to 172.20.85.32 on port 10611 for example, and this one is fully functional.

    Same route, same rules... I can't find the reason... I suspect port 443. Is this port special?

    Thank you very much for your help

    Eric

  • shiprasahu93 Moderator

    @DisaRicks,

    The packet replay feature only shows how the firewall will process the packet and will not send it outside of the firewall. Could you please share how the interface X2 is configured, the routes you have in place, and the networks included in the VPN? That should help us troubleshoot this issue.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • DisaRicks Newbie ✭

    @shiprasahu93

    Here is the configuration of the X2 interface

    Here are the rules

    The red arrow shows the route concerned in my case

    where Serveurs_Marne is 159.50.0.0/255.255.0.0

    and PASTEUR_NETWORK includes the network 172.20.85.0/255.255.255.0

    Any Port

    For information, the route with the blue arrow works perfectly

    where CE_BNPPFR includes, for example, the network 10.22.0.0/255.255.0.0

    Everything goes across a VPN that includes the following networks

    on my side

    On the other side of the VPN, I see:

    I created a rule to the VPN zone allowing this packet: Error 726 packet dropped - Policy Route

    I removed this rule because I think I don't need it across the VPN: same error code 726

    I'm completely lost.

    Thank you.

  • shiprasahu93 Moderator

    @DisaRicks,

    So, is it like you have both VPN as well as routing to PASTEUR_NETWORK which includes the network 172.20.85.0/255.255.255.0?

    The only difference that I can see is that the non-working route is on metric 5, although the other one is on 1.

    What happens when you do a packet capture with the source as 159.50.228.23? Is that traffic getting dropped on the firewall?

    I would suggest generating some real-time traffic and performing a packet capture with that source IP. It should not matter that the port is 443.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • DisaRicks Newbie ✭

    @shiprasahu93

    Here is a real-time packet capture made a few minutes ago with the 159.50.228.33 source IP

    As you can see, error 726

    I tried to change the route metric to 1: same error code

    I am sending you the PCAP file (I changed the extension to TXT, you must change it back to PCAP) if you want to see it.

    Thank you

  • shiprasahu93 Moderator

    @DisaRicks,

    Based on the drop code, it looks like there is a missing access rule. What zone is Serveurs_Marne in?

    Could you please check the access rule from that zone to VPN or whatever zone you have placed PASTEUR_NETWORK in?

    Even if it is present, make sure that the priority of that rule is set correctly and check whether there is any traffic on that rule.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services
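The two moderator replies above describe what a Packet Replay actually exercises: the firewall's own processing path (route lookup, zone assignment, then access-rule matching by priority), without the packet ever leaving the box. The following is an added example written for this page, not SonicWall code and not a reproduction of SonicOS logic: a small offline model of that path, so a practitioner can reason about a flow before touching a production TZ-400. The interface-to-zone map, the routes, the rule set and the address-object memberships are all constructed for illustration; only the object names and addresses echo the thread.

```python
"""Offline flow simulation for a zone-based firewall (added example).

This is NOT SonicWall code and does not reproduce SonicOS behaviour. It is a
simplified model of the lookups a packet replay exercises: routing (longest
prefix match, ties broken by lowest metric), interface-to-zone assignment,
and first-match access-rule evaluation ordered by priority.
All zones, routes and rule memberships below are constructed assumptions.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

Net = ipaddress.IPv4Network


@dataclass(frozen=True)
class Route:
    dest: Net
    iface: str
    metric: int


@dataclass(frozen=True)
class Rule:
    priority: int            # lower number is evaluated first
    src_zone: str
    dst_zone: str
    src_nets: tuple          # tuple of Net
    dst_nets: tuple
    dst_port: Optional[int]  # None means "any port"
    action: str              # "allow" or "deny"


# Constructed interface-to-zone map (an assumption, not from the thread).
IFACE_ZONE = {"X1": "VPN", "X2": "LAN", "X3": "DMZ"}

# Address objects named as in the thread; memberships are constructed.
SERVEURS_MARNE = (Net("159.50.0.0/16"),)
PASTEUR_NETWORK = (Net("172.20.85.0/24"),)
CE_BNPPFR = (Net("10.22.0.0/16"),)


def lookup_route(routes: List[Route], dst_ip: str) -> Optional[Route]:
    """Longest-prefix match; among equal prefixes the lowest metric wins."""
    ip = ipaddress.IPv4Address(dst_ip)
    candidates = [r for r in routes if ip in r.dest]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.dest.prefixlen, r.metric))


def _in(nets, ip_str: str) -> bool:
    ip = ipaddress.IPv4Address(ip_str)
    return any(ip in n for n in nets)


def evaluate(routes, rules, in_iface, src_ip, dst_ip, dst_port) -> dict:
    """Trace a 5-tuple through routing and rule matching; return a verdict."""
    src_zone = IFACE_ZONE[in_iface]
    route = lookup_route(routes, dst_ip)
    if route is None:
        return {"verdict": "drop", "reason": "no route", "route": None, "rule": None}
    dst_zone = IFACE_ZONE[route.iface]
    for rule in sorted(rules, key=lambda r: r.priority):
        if (rule.src_zone == src_zone and rule.dst_zone == dst_zone
                and _in(rule.src_nets, src_ip) and _in(rule.dst_nets, dst_ip)
                and rule.dst_port in (None, dst_port)):
            return {"verdict": rule.action, "reason": f"matched rule {rule.priority}",
                    "route": route, "rule": rule, "zones": (src_zone, dst_zone)}
    # No rule matched: the thread's moderator reads the real drop as a missing
    # access rule, which is the case this branch models.
    return {"verdict": "drop", "reason": "no matching access rule",
            "route": route, "rule": None, "zones": (src_zone, dst_zone)}


# Constructed routing table and rule set.
ROUTES = [Route(Net("172.20.85.0/24"), "X1", 5), Route(Net("0.0.0.0/0"), "X1", 20)]
RULES = [Rule(1, "LAN", "VPN", CE_BNPPFR, PASTEUR_NETWORK, None, "allow"),
         Rule(2, "LAN", "VPN", SERVEURS_MARNE, PASTEUR_NETWORK, 443, "allow")]


def demo():
    """Four replays: working flow, 443 flow, 443 flow with rule 2 absent,
    and the 443 flow after a lower-metric route moves the destination zone."""
    working = evaluate(ROUTES, RULES, "X2", "10.22.0.5", "172.20.85.32", 10611)
    https = evaluate(ROUTES, RULES, "X2", "159.50.228.23", "172.20.85.31", 443)
    missing = evaluate(ROUTES, RULES[:1], "X2", "159.50.228.23", "172.20.85.31", 443)
    rerouted = evaluate(ROUTES + [Route(Net("172.20.85.0/24"), "X3", 1)], RULES,
                        "X2", "159.50.228.23", "172.20.85.31", 443)
    return working, https, missing, rerouted


if __name__ == "__main__":
    for name, r in zip(("working", "https", "missing", "rerouted"), demo()):
        print(f"{name:9s} {r['verdict']:5s} {r['reason']}")
```

The fourth replay is the one worth keeping in mind when comparing route metrics as the moderator did: a route with a better metric to the same prefix on a different interface changes the destination zone, and a rule written for the VPN zone then silently stops matching, which shows up as "no matching rule" rather than as a routing error.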

  • DisaRicks Newbie ✭

    @shiprasahu93

    I re-created the rule.

    I verified that all my objects are in the right zones.

    I put the priority at 2 for this rule,

    but always the same error code.

    No traffic on that rule!


    Thanks !!

  • shiprasahu93 Moderator

    @DisaRicks,

    In that case, I would suggest reaching out to SonicWall support for further assistance. We probably need to dig deeper and find out the root cause of this issue.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services
